Security and Privacy in Mobile Health

Clinicians and patients are adopting mobile technologies faster than providers can protect security and privacy. It’s time to play catch-up.

Health care providers are witnessing an explosion of interest in mobile solutions. Clinicians are turning to smartphones and tablets to access electronic medical records (EMR) on the go, and patients are using mobile devices and apps for everything from monitoring personal fitness to managing chronic diseases. But unlike industries such as financial services that have had decades of experience with automation (think ATMs and online banking), providers need to adjust to the mobile revolution at the same time they are embracing automation.

For CIOs, the challenges of mobile health (“mHealth”) extend beyond supplying clinicians with new devices and apps and adopting a customer-service mindset toward patients. Security and privacy challenges loom large. If a clinician exposes a hospital to undue security risk or fails to safeguard patient privacy, the consequences can be significant: The benefits of mHealth to patients and clinicians could be seriously undermined, and an organization could incur fines, miss out on incentive payments, and jeopardize its reputation.

For many providers, implementing leading practices in mHealth security will mean playing catch-up. For example, a survey found that 93 percent of clinicians already use their personal smartphone to access EMR, but only 38 percent did so under a formal mobile policy.¹

The Promise and Security Risks of mHealth

The promise of mHealth is both exciting and daunting. Hospitals and other health care providers may use mobile technologies to improve communication and information exchange among staff, referring physicians, patients, and visitors—helping them enhance efficiency, utilization, outcomes, and customer satisfaction.

The benefits could be particularly significant for post-acute care and early discharge programs. For example, clinicians can monitor a patient’s condition at home, support in-home providers in making diagnoses, gather information about behavioral patterns, and exchange real-time data. Mobile solutions may even help reduce the need for hospitalization by enabling early recognition and treatment of conditions. Consumers appear to recognize the benefits. In a recent survey, 41 percent expressed a strong interest in health monitoring devices.²

In addition to helping providers improve patient care, enterprise-based analytics may allow them to draw upon mobile data and communication channels to optimize resource utilization. By using analytics to improve patient flow, for instance, they may be able to reduce wait times and crowding. They can also use “mPayment” systems that directly debit health service accounts or bill payers.

Along with such promising opportunities come many financial and brand concerns relating to security and privacy. A common occurrence like the loss or theft of a mobile device with unencrypted patient data, including credit card numbers, could result in a security breach with far-reaching consequences.

Privacy breaches resulting from the loss of patient data could lead to enforcement actions by the Department of Health and Human Services (HHS) under the Health Insurance Portability and Accountability Act (HIPAA). For example, to qualify for bonus payments under the federal government’s “meaningful use” incentives relating to EMR, health care organizations must certify that they are compliant with HIPAA privacy and security rules. If an audit by HHS finds an absence of “good faith compliance,” the potential penalties include having to return the bonus payments. HHS plans to increase its focus on security and privacy when conducting audits of “meaningful use” compliance.³

Fraud and identity theft resulting from security breaches could also lead to mistrust among patients that would undermine innovative initiatives in mHealth and beyond. In a recent study of providers who suffered data breaches, 81 percent reported lost productivity, 78 percent said the organization’s reputation had been harmed, and 75 percent felt patient goodwill had been affected. The average economic impact of breaches per provider was $2.4 million.⁴

Building the Foundation of Trust

To maintain a secure environment for mHealth that builds trust among clinicians and patients, providers will need to invest in mobile infrastructure. This includes an enterprisewide mobile application management platform to increase security from malware attacks and to protect enterprise data as clinicians migrate to BYOD (bring your own device) in the workplace. It will be important to adopt solutions for encryption of patient information, security policy enforcement (such as remote “wiping” of lost devices), and network device management, as well as to improve the overall access management and processes for all IT systems.

To understand their starting point, providers should consider comparing their current practices for securing health information with generally accepted security and privacy controls and standards (e.g. NIST Security Standards and 800 series publications, CMS Harmonized Security and Privacy Framework, HITRUST Common Security Framework, and HHS IT mobile standards). They’ll also need to understand which devices clinicians and patients use to access the network, and assess the security risks relating to each device. Using this fact base, providers can identify gaps in security and develop a plan to close or mitigate the gaps. To avoid creating a plan that sits on a shelf collecting dust, providers can follow up with a systematic program to continuously monitor and proactively manage security and privacy.

*****

The shift to mHealth solutions is just one component of the transition to a consumer-focused, outcomes-based healthcare system. These solutions offer innovative ways to achieve the overall goal of providing high-quality, low-cost health services. But they also create a new set of risks relating to security and privacy that providers need to manage actively so the promise can be fulfilled.